X
Tap here to go to the mobile version of the site.

منتدى الدعم

Website fingerprint does not match for DNS Over HTTPS for cloudflare

Posted

Each web site has its own signature. When I find the signature of https://one.one.one.one/help (used to very DNS over HTTPS for cloudflare) by using https://www.grc.com/fingerprints.htm it does not match. The signature I get is sha1 by Comodo 5B:20:E3:43:13:69:94:69:68:B4:56:4A:5C:50:32:12:B7:3B:CF:2C

The GRC website gives a fingerprint for one.one.one.one/help as ssl920621.cloudflaressl.com — 01:31:4A:78:20:82:00:D4:40:AC:55:B9:41:92:08:76:81:A4:0C:B8

Anyone know why the difference?

Each web site has its own signature. When I find the signature of https://one.one.one.one/help (used to very DNS over HTTPS for cloudflare) by using https://www.grc.com/fingerprints.htm it does not match. The signature I get is sha1 by Comodo 5B:20:E3:43:13:69:94:69:68:B4:56:4A:5C:50:32:12:B7:3B:CF:2C The GRC website gives a fingerprint for one.one.one.one/help as ssl920621.cloudflaressl.com — 01:31:4A:78:20:82:00:D4:40:AC:55:B9:41:92:08:76:81:A4:0C:B8 Anyone know why the difference?
Quote

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0

More Information

jscher2000
  • Top 10 Contributor
8688 solutions 71030 answers

Each SSL certificate has its own signature.

When I check the site's certificate by visiting the page and using:

right-click > View Page Info > Security tab > View Certificate

I get:

Common name: ssl920622.cloudflaressl.com

SHA1 Fingerprint: 5B:20:E3:43:13:69:94:69:68:B4:56:4A:5C:50:32:12:B7:3B:CF:2C

If GRC shows a different Common name, that's a different certificate. Probably some kind of CDN/Load Balancing thing.

Each ''SSL certificate'' has its own signature. When I check the site's certificate by visiting the page and using: right-click > View Page Info > Security tab > View Certificate I get: Common name: ssl920622.cloudflaressl.com SHA1 Fingerprint: 5B:20:E3:43:13:69:94:69:68:B4:56:4A:5C:50:32:12:B7:3B:CF:2C If GRC shows a different Common name, that's a different certificate. Probably some kind of CDN/Load Balancing thing.

Modified by jscher2000

Was this helpful to you?
Quote

Question owner

The certificate fingerprint should alway be the same as it is tied to the certificate and does not matter how many load balanacers. An example is youtube.

My certificate is as enclosed and does not match official fingerprint from GRC.

The certificate fingerprint should alway be the same as it is tied to the certificate and does not matter how many load balanacers. An example is youtube. My certificate is as enclosed and does not match official fingerprint from GRC.
Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8688 solutions 71030 answers

Mace2 said

My certificate is as enclosed and does not match official fingerprint from GRC.

How did you get that certificate for cloudflare-dns.com?

Neither of us got that certificate yesterday.

''Mace2 [[#answer-1257723|said]]'' <blockquote> My certificate is as enclosed and does not match official fingerprint from GRC. </blockquote> How did you get that certificate for '''cloudflare-dns.com'''? Neither of us got that certificate yesterday.
Was this helpful to you?
Quote

Question owner

While connected directly to my ISP vmedia I simply go to one.one.one.one/help and look at the certificate information.

I now get your SHA1 Fingerprint: 5B:20:E3:43:13:69:94:69:68:B4:56:4A:5C:50:32:12:B7:3B:CF:2C as of Oct-10-2019. I would not expect the fingerprint to change.

however it still doesn't match GRC fingerprint which still remains one.one.one.one ssl920621.cloudflaressl.com — 01:31:4A:78:20:82:00:D4:40:AC:55:B9:41:92:08:76:81:A4:0C:B8

While connected directly to my ISP vmedia I simply go to one.one.one.one/help and look at the certificate information. I now get your SHA1 Fingerprint: 5B:20:E3:43:13:69:94:69:68:B4:56:4A:5C:50:32:12:B7:3B:CF:2C as of Oct-10-2019. I would not expect the fingerprint to change. however it still doesn't match GRC fingerprint which still remains one.one.one.one ssl920621.cloudflaressl.com — 01:31:4A:78:20:82:00:D4:40:AC:55:B9:41:92:08:76:81:A4:0C:B8
Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8688 solutions 71030 answers

Compare the certificate common names.

Compare the certificate common names.
Was this helpful to you?
Quote

Question owner

I don't think the common name matters. The below shows both the one.one.one.one certifcate and the GRC site fingerprint. The SHA1 values should match.

I don't think the common name matters. The below shows both the one.one.one.one certifcate and the GRC site fingerprint. The SHA1 values should match.
Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8688 solutions 71030 answers

Mace2 said

I don't think the common name matters. The below shows both the one.one.one.one certifcate and the GRC site fingerprint. The SHA1 values should match.

They don't match because they are different certificates.

  • One is for ssl920621.cloudflaressl.com
  • One is for ssl920622.cloudflaressl.com
''Mace2 [[#answer-1258318|said]]'' <blockquote> I don't think the common name matters. The below shows both the one.one.one.one certifcate and the GRC site fingerprint. The SHA1 values should match. </blockquote> They don't match because they are different certificates. * One is for ssl92062'''1'''.cloudflaressl.com * One is for ssl92062'''2'''.cloudflaressl.com
Was this helpful to you?
Quote

Question owner

Yes. I know but I only enter one site for verification of the fingerprint.

Is there a method to verify the fingerprint for one.one.one.one ?

Yes. I know but I only enter one site for verification of the fingerprint. Is there a method to verify the fingerprint for one.one.one.one ?
Was this helpful to you?
Quote
اطرح سؤالا

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.